Torchload Checker

Grade: C (64), pipeline completed
Category: Security
Type: cli / python · tiny
Files: 7
LOC: 362
Frameworks: 0
Languages: 4

Pipeline State

State: completed
Run ID: #349189
Phase: done
Progress: 1%
Started:
Finished: 2026-04-13 01:31:02
LLM tokens: 0

Pipeline Metadata

Stage: Cataloged
Decision: proceed
Novelty: 48.97
Framework unique
Isolation
Last stage change: 2026-05-10 03:35:28
Deduplication group: #65570 (member of a group with 1 similar repo; this repo is the canonical one)
Top concepts (2): Project Description, Library

AI Prompt

Build me a command-line tool in Python that scans Python codebases to detect unsafe deserialization patterns, specifically focusing on `torch.load()` and pickle usage, to mitigate CWE-502 vulnerabilities. The tool should be able to scan a given repository path, output findings, and support filtering by severity levels like HIGH or CRITICAL. I also need functionality to output results in JSON format for CI/CD integration, and ideally, it should check for safe alternatives like `safetensors` usage.
python cli security ml vulnerability torch deserialization
Generated by gemma4:latest

Catalog Information

A command-line tool that scans Python codebases for unsafe torch.load() and pickle deserialization calls to mitigate deserialization vulnerabilities.

Description

The tool parses Python projects to locate calls to torch.load() and pickle.loads() that may lead to insecure deserialization. It reports the file paths, line numbers, and context of each risky invocation, allowing developers to review and refactor quickly. The scanner is lightweight, requiring only a Python interpreter and the PyTorch library to run. It is designed for integration into CI pipelines or local code reviews, helping teams maintain secure machine‑learning code. By focusing on a specific CWE (CWE‑502), it provides targeted insights for compliance and security teams.

Description (Arabic)

The program scans Python projects to find calls to torch.load() and pickle.loads() that may lead to unsafe deserialization. It produces a report containing the file paths, line numbers, and context of each risky call, allowing developers to review and refactor the code quickly. It is simple and requires only a Python interpreter and the PyTorch library to run. It is designed to be integrated into CI pipelines or local code review processes, helping teams keep machine-learning code secure. It focuses on CWE-502 and offers targeted insights for compliance and security teams. It also supports exporting results in readable formats such as CSV or JSON to facilitate further analysis. It helps reduce the risk of attacks that exploit unchecked deserialization in production environments.

Novelty

7/10

Tags

security-scanning deserialization-detection python-code-analysis cwe-502-detection torch.load-safety pickle-vulnerability-detection

Technologies

pytorch

Claude Models

claude-opus-4.6

Quality Score

C
64.3/100
Structure
73
Code Quality
65
Documentation
47
Testing
50
Practices
66
Security
90
Dependencies
60

Strengths

  • Good test coverage (100% test-to-source ratio)
  • Code linting configured (ruff (possible))
  • Consistent naming conventions (snake_case)
  • Good security practices - no major issues detected
  • Properly licensed project

Weaknesses

  • No CI/CD configuration - manual testing and deployment

Recommendations

  • Add a test suite - start with critical path integration tests
  • Set up CI/CD (GitHub Actions recommended) to automate testing and deployment

Security & Health

Tech Debt (E): 4.1h
OWASP (100%): A
Quality Gate: PASS
Risk (10): A
License: MIT
Duplication: 0.0%

Languages

python: 77.7%
markdown: 15.4%
toml: 6.5%
yaml: 0.3%

Frameworks

None detected

Concepts (2)

Category | Name | Description | Confidence
auto_description | Project Description | Scan Python repos for unsafe torch.load() and pickle deserialization (CWE-502) | 80%
auto_category | Library | library | 60%

Quality Timeline

1 quality score recorded.


Embed Badge

Add to your README:

![Quality](https://repos.aljefra.com/badge/73282.svg)